Share with ownCloud Users or Guest Users
It only takes some simple steps to share files using End-to-End-Encryption:
- When an ownCloud user logs in for the first time, a yellow attention box asks for a initial creation of the keys
Click on the link, this will direct you to the Security section of your Personal Settings.
Detailed information about the options are found in the E2EE - User Setup
- Create a folder which should contain encrypted files. Single, previously uploaded files cannot be converted to encrypted files.
Open the folder's Sharing properties and check the Share Encrypted option to enable encrypted sharing.
If you start uploading right away, the files will be encrypted for you only. If you want to share files with other users, make sure to invite them and double check, if they have a valid public key in the system.
Next you need to share this folder. Add ownCloud or guest users the same way you would do in a standard ownCloud installation by entering the user name into the Share with input field or by inviting a guest user by entering the email address:
If you shared with a guest user, you will receive an email notification once the guest has logged in the first time (and thus created the key). You may spot this in the Sharing tab as well, when the user name is shown with a lock symbol instead of an exclamation mark symbol (see Sharing tab below). Only then it makes sense to start uploading files.
If you add an existing ownCloud or guest user who already has got keys all files in the directory will be re-encrypted on the fly so the users can read them instantly.
Once a folder is shared you can view the details in the Sharing tab
In this screenshot you see the file list (middle) and the Sharing tab (right) for the folder New Folder.
Share Tab View
Users who have got at least one key are indicated with a black lock symbol
Users who do not have any keys are indicated with a red exclamation mark symbol
Below each user a list of abbreviated key ids is shown fore reference, when you move the mouse pointer over it the full key id is shown.
If a user has generated a new key after a file was uploaded to the directory, this key is missing in the folder and therefore that user would not be able to open the mentioned file without re-encrypting the folder.
In this case the user name is shown bold, followed by the number of new keys in the parentheses. The missing key id is shown in red color.
As a Sharer, by clicking the arrow button next to the user name you can re-encrypt the folder, which adds the new keys. A confirmation window will open, indicating how many files would have to been re-encrypted.
Guest users receive an invitation email upon sharing with them for the first time. As long as they have not yet registered the button is shown. By clicking this button the original invitation email containing the login credentials are resent to that user.
File List View
A white lock indicates that the folder is encrypted for all keys for all users the folder was shared with.
Every folder, which is shared encrypted carries a lock symbol in the folder icon.
A red lock indicates that at least for one user at least one key is missing.
Share with Public Links
Starting with version 1.3.0 it is possible to have files, uploaded to a public share, end-to-end-encrypted. The uploaded file will be encrypted with the share initiator's public keys.
There is no way uploaders can add their keys, so the files can be opened by the recipient only.
E2EE for Public Links is set up in three little steps:
- Create a folder and open its Sharing properties:
Create a public link and make sure, that the share is writable by users, i.e. choose Read & Write or Upload only:
When choosing Read & Write public users can see their and previously uploaded e2ee-files and even download them. However, they would not be able to open them since they do not have the private key to decrypt.
If uploaded files should be invisible to your share recipients, choose Upload only (File drop)
- Mark the folder as an e2ee folder by clicking the Share encrypted checkbox